General

  • Target

    125c286ae99f2dda8188dafd5ba3ddd093c6c8f8f11a64c0e7b642fc85c7ee6f

  • Size

    176KB

  • Sample

    220212-f9fh8sgee3

  • MD5

    60b6116568bbd2533157dc5a98bcccdc

  • SHA1

    57a67cf4785b958594b88138144cf68c0b01d827

  • SHA256

    125c286ae99f2dda8188dafd5ba3ddd093c6c8f8f11a64c0e7b642fc85c7ee6f

  • SHA512

    b9ebbc6a02f3af0f1a9c7e7f2aced50d5e7c80b639a16f5a39fa90ff7657506df67c1950601425f47359cf7684365722136348dceb05129a250a0860172de00c

Malware Config

Targets

    • Target

      125c286ae99f2dda8188dafd5ba3ddd093c6c8f8f11a64c0e7b642fc85c7ee6f

    • Size

      176KB

    • MD5

      60b6116568bbd2533157dc5a98bcccdc

    • SHA1

      57a67cf4785b958594b88138144cf68c0b01d827

    • SHA256

      125c286ae99f2dda8188dafd5ba3ddd093c6c8f8f11a64c0e7b642fc85c7ee6f

    • SHA512

      b9ebbc6a02f3af0f1a9c7e7f2aced50d5e7c80b639a16f5a39fa90ff7657506df67c1950601425f47359cf7684365722136348dceb05129a250a0860172de00c

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks